Chapter 6. Technology previews
This part provides a list of all Technology Previews available in Red Hat Enterprise Linux 9.
For information on Red Hat scope of support for Technology Preview features, see Technology Preview Features Support Scope.
6.1. Installer and image creation
NVMe over TCP for RHEL installation is now available as a Technology Preview
With this Technology Preview, you can now use NVMe over TCP volumes to install RHEL after configuring the firmware. While adding disks from the Installation Destination screen, you can select the NVMe namespaces under the NVMe Fabrics Devices section.
Jira:RHEL-10216[1]
Installation of bootable OSTree native containers is now available as a Technology Preview
The ostreecontainer Kickstart command is now available in Anaconda as a Technology Preview. You can use this command to install the operating system from an OSTree commit encapsulated in an OCI image. When performing Kickstart installations, the following commands are available together with ostreecontainer:
- graphical, text, or cmdline
- ostreecontainer
- clearpart, zerombr
- autopart
- part
- logvol, volgroup
- reboot and shutdown
- lang
- rootpw
- sshkey
- bootloader - Available only with the --append optional parameter.
- user
When you specify a group within the user command, the user account can be assigned only to a group that already exists in the container image.
Kickstart commands not listed here are allowed to be used with the ostreecontainer command; however, they are not guaranteed to work as expected with package-based installations.
However, the following Kickstart commands are unsupported together with ostreecontainer:
- %packages (any necessary packages must be already available in the container image)
- url (if there is a need to fetch a stage2 image for installation, for example, PXE installations, use inst.stage2= on the kernel instead of providing a url for stage2 inside the Kickstart file)
- liveimg
- vnc
- authconfig and authselect (provide relevant configuration in the container image instead)
- module
- repo
- zipl
- zfcp
Installation of bootable OSTree native containers is not supported in interactive installations that use partial Kickstart files.
Note: When customizing a mount point, you must define the mount point in the /mnt directory and ensure that the mount point directory exists inside /var/mnt in the container image.
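A pre-flight check for the restrictions listed above, as an added example that is not part of the Red Hat documentation: the shell function flags Kickstart commands that this note lists as unsupported together with ostreecontainer, and bootloader options other than --append. The function name, the sample file, and the registry and mirror host names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the RHEL documentation): lint a Kickstart file for
# commands the release note lists as unsupported together with ostreecontainer.

# Commands named in the "unsupported" list (%packages is handled separately).
UNSUPPORTED="url liveimg vnc authconfig authselect module repo zipl zfcp"

# lint_ostree_kickstart FILE  (hypothetical helper name)
# Prints "LINE: message" per finding. Prints nothing when the file is clean
# or does not use ostreecontainer at all.
lint_ostree_kickstart() {
    awk -v bad="$UNSUPPORTED" '
    BEGIN { n = split(bad, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1 }
    { sub(/\r$/, "") }                       # tolerate CRLF files
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        cmd = $1
        if (cmd == "%end") { insec = 0; next }
        if (cmd == "%include" || cmd == "%ksappend") next
        if (cmd ~ /^%/) {                    # %pre, %post, %packages, ...
            insec = 1
            if (cmd == "%packages")
                out[++k] = NR ": %packages is unsupported; packages must already be in the container image"
            next
        }
        if (insec) next                      # section body, not Kickstart commands
        if (cmd == "ostreecontainer") { uses = 1; next }
        if (cmd in deny) {
            out[++k] = NR ": " cmd " is unsupported together with ostreecontainer"
            next
        }
        if (cmd == "bootloader") {
            line = $0
            gsub(/"[^"]*"/, "Q", line)       # hide quoted values such as kernel arguments
            m = split(line, f, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (f[i] ~ /^--/ && f[i] != "--append" && f[i] !~ /^--append=/)
                    out[++k] = NR ": bootloader is available only with --append, found " f[i]
        }
    }
    END { if (uses) for (i = 1; i <= k; i++) print out[i] }
    ' "$1"
}

# Constructed sample: an ostreecontainer Kickstart that still carries leftovers
# from a package-based installation. The authselect call inside %post is a
# shell command in a script section, so the linter does not treat it as the
# Kickstart authselect command.
sample=$(mktemp)
cat > "$sample" <<'EOF'
text
ostreecontainer --url registry.example.com/os/rhel-bootc:latest
clearpart --all
autopart
bootloader --location=mbr --append="console=ttyS0 --quiet-flag"
repo --name=extras --baseurl=http://mirror.example.com/extras
rootpw --lock
%packages
vim-enhanced
%end
%post
authselect select sssd
%end
reboot
EOF
lint_ostree_kickstart "$sample"
rm -f "$sample"
```

The linter only reports commands from the unsupported list; commands that appear on neither list pass silently, matching the note's statement that they are allowed but not guaranteed to work.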
Jira:RHEL-2250[1]
Boot loader installation and configuration via bootupd / bootupctl in Anaconda is now available as a Technology Preview
As the ostreecontainer Kickstart command is now available in Anaconda as a Technology Preview, you can use it to install the operating system from an OSTree commit encapsulated in an OCI image. Anaconda automatically arranges a boot loader installation and configuration via the bootupd/bootupctl tool contained within the container image, even without an explicit boot loader configuration in Kickstart.
Jira:RHEL-17205[1]
A new rhel9/bootc-image-builder container image is generally available in RHEL
The rhel9/bootc-image-builder container image for image mode for RHEL includes a minimal version of image builder that converts bootable container images, for example rhel-bootc, to different disk image formats, such as QCOW2, AMI, VMDK, ISO, and others.
Jira:RHELDOCS-17733[1]
6.2. Security
Encrypted DNS in RHEL is available as a Technology Preview
You can enable encrypted DNS to secure DNS communication that uses DNS-over-TLS (DoT). Encrypted DNS (eDNS) encrypts all DNS traffic end-to-end, with no fallback to insecure protocols, and aligns with zero trust architecture (ZTA) principles.
To perform a new installation with eDNS, specify the DoT-enabled DNS server by using the kernel command line. This ensures encrypted DNS is active during the installation process, boot time, and on the installed system. If you require a custom CA certificate bundle, you can install it only by using the %certificate section in the Kickstart file. Currently, the custom CA bundle can be installed only through Kickstart installation.
On an existing system, configure NetworkManager to use a new DNS plugin, dnsconfd, which manages the local DNS resolver (unbound) for eDNS. Add kernel arguments to configure eDNS for the early boot process, and optionally install a custom CA bundle.
Additionally, Identity Management (IdM) deployments can also use encrypted DNS, with the integrated DNS server supporting DoT.
See Securing system DNS traffic with encrypted DNS for more details.
Jira:RHELDOCS-20059[1], Jira:RHEL-67913
gnutls now uses kTLS as a Technology Preview
The updated gnutls packages can use kernel TLS (kTLS) for accelerating data transfer on encrypted channels as a Technology Preview. To enable kTLS, add the tls.ko kernel module using the modprobe command, and create a new configuration file /etc/crypto-policies/local.d/gnutls-ktls.txt for the system-wide cryptographic policies with the following content:
[global]
ktls = true
Note that the current version does not support updating traffic keys through TLS KeyUpdate messages, which impacts the security of AES-GCM ciphersuites. See the RFC 7841 - TLS 1.3 document for more information.
Jira:RHELPLAN-128129[1]
OpenSSL clients can use the QUIC protocol as a Technology Preview
OpenSSL can use the QUIC transport layer network protocol on the client side with the rebase to OpenSSL version 3.2.2 as a Technology Preview.
Jira:RHELDOCS-18935[1]
The io_uring interface is available as a Technology Preview
io_uring is a new and effective asynchronous I/O interface, which is now available as a Technology Preview. By default, this feature is disabled. You can enable this interface by setting the kernel.io_uring_disabled sysctl variable to any one of the following values:
- 0 - All processes can create io_uring instances as usual.
- 1 - io_uring creation is disabled for unprivileged processes. The io_uring_setup fails with the -EPERM error unless the calling process is privileged by the CAP_SYS_ADMIN capability. Existing io_uring instances can still be used.
- 2 - io_uring creation is disabled for all processes. The io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used. This is the default setting.
An updated version of the SELinux policy to enable the mmap system call on anonymous inodes is also required to use this feature.
By using the io_uring command pass-through, an application can issue commands directly to the underlying hardware, such as nvme.
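An audit helper for the kernel.io_uring_disabled values described above, as an added example that is not part of the Red Hat documentation: it reports who may create io_uring instances for a given runtime value and whether that value matches what a sysctl.d directory will apply at boot. The function names and the sample drop-in files are constructed; as a simplification it reads a single directory, where the real sysctl.d lookup merges several.

```shell
#!/bin/sh
# Added example (not from the RHEL documentation): report what the current
# kernel.io_uring_disabled value permits and whether it survives a reboot.

# persisted_io_uring_disabled DIR  (hypothetical helper name)
# Prints the last value assigned to kernel.io_uring_disabled by DIR/*.conf,
# read in lexical order; prints nothing when no file sets it.
# Assumption: only one directory is consulted.
persisted_io_uring_disabled() {
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then
            awk '
            { sub(/^[ \t]*-?[ \t]*/, "") }      # leading blanks and the "-" prefix
            /^[#;]/ || /^$/ { next }            # comments and blank lines
            {
                i = index($0, "="); if (!i) next
                key = substr($0, 1, i - 1); val = substr($0, i + 1)
                gsub(/[ \t]/, "", key); gsub(/\//, ".", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "kernel.io_uring_disabled") last = val
            }
            END { if (last != "") print last }' "$f"
        fi
    done | tail -n 1
}

# io_uring_audit RUNTIME_VALUE SYSCTL_DIR  (hypothetical helper name)
# Prints "<who may create instances> <persistence>".
# Values 1 and 2 block creation only: per the note, existing io_uring
# instances stay usable, so tightening the value on a running host does not
# affect processes that already hold one.
io_uring_audit() {
    persisted=$(persisted_io_uring_disabled "$2")
    [ -n "$persisted" ] || persisted=2          # the note: 2 is the default setting
    case $1 in
        0) who="all-processes" ;;
        1) who="cap-sys-admin-only" ;;
        2) who="nobody" ;;
        *) who="unknown" ;;
    esac
    if [ "$1" = "$persisted" ]; then
        printf '%s persistent\n' "$who"
    else
        printf '%s reverts-to-%s-on-reboot\n' "$who" "$persisted"
    fi
}

# Constructed sample: a baseline drop-in and a later override, audited against
# a runtime value that someone opened up by hand.
d=$(mktemp -d)
printf 'kernel.io_uring_disabled = 2\n' > "$d/10-base.conf"
printf '# constructed override\nkernel.io_uring_disabled=1\n' > "$d/90-app.conf"
io_uring_audit 0 "$d"
io_uring_audit 1 "$d"
rm -rf "$d"

# On a live host (paths exist only where the kernel exposes the sysctl):
# io_uring_audit "$(cat /proc/sys/kernel/io_uring_disabled)" /etc/sysctl.d
```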
Jira:RHEL-11792[1]
6.3. RHEL for Edge
FDO now provides storing and querying Owner Vouchers from a SQL backend as a Technology Preview
With this Technology Preview, FDO manufacturer-server, onboarding-server, and rendezvous-server are available for storing and querying Owner Vouchers from a SQL backend. As a result, you can select a SQL datastore in the FDO servers options, along with credentials and other parameters, to store the Owner Vouchers.
Jira:RHELDOCS-17752[1]
6.4. Shells and command-line tools
The systemd-resolved service is available as a Technology Preview
The systemd-resolved service provides name resolution to local applications. The service implements a caching and validating DNS stub resolver, a Link-Local Multicast Name Resolution (LLMNR), and Multicast DNS resolver and responder.
Note that systemd-resolved is an unsupported Technology Preview.
GIMP available as a Technology Preview in RHEL 9
GNU Image Manipulation Program (GIMP) 2.99.8 is now available in RHEL 9 as a Technology Preview. The gimp package version 2.99.8 is a pre-release version with a set of improvements, but a limited set of features and no guarantee for stability. As soon as the official GIMP 3 is released, it will be introduced into RHEL 9 as an update of this pre-release version.
In RHEL 9, you can install gimp easily as an RPM package.
Jira:RHELPLAN-109991[1]
6.5. Infrastructure services
Socket API for TuneD available as a Technology Preview
The socket API for controlling TuneD through a UNIX domain socket is now available as a Technology Preview. The socket API maps one-to-one with the D-Bus API and provides an alternative communication method for cases where D-Bus is not available. By using the socket API, you can control the TuneD daemon to optimize the performance, and change the values of various tuning parameters. The socket API is disabled by default; you can enable it in the tuned-main.conf file.
Jira:RHELPLAN-129881[1]
6.6. Networking
Offloading IPsec encapsulation to a NIC is now available as a Technology Preview
This update adds the IPsec packet offloading capabilities to the kernel. Previously, it was possible to only offload the encryption to a network interface controller (NIC). With this enhancement, the kernel can now offload the entire IPsec encapsulation process to a NIC to reduce the workload.
Note that offloading the IPsec encapsulation process to a NIC also reduces the ability of the kernel to monitor and filter such packets.
Jira:RHEL-88552[1]
KTLS available as a Technology Preview
In RHEL, Kernel Transport Layer Security (KTLS) is provided as a Technology Preview. KTLS handles TLS records using the symmetric encryption or decryption algorithms in the kernel for the AES-GCM cipher. KTLS also includes the interface for offloading TLS record encryption to Network Interface Controllers (NICs) that provide this functionality.
Note that specific use cases of kernel TLS offload might have a higher support status. For details, see the release notes in the New features chapter.
Jira:RHEL-88551[1]
NetworkManager and the Nmstate API support MACsec hardware offload
You can use both NetworkManager and the Nmstate API to enable MACsec hardware offload if the hardware supports this feature. As a result, you can offload MACsec operations, such as encryption, from the CPU to the network interface card.
Note that this feature is an unsupported Technology Preview.
NetworkManager enables configuring HSR and PRP interfaces
High-availability Seamless Redundancy (HSR) and Parallel Redundancy Protocol (PRP) are network protocols that provide seamless failover against failure of any single network component. Both protocols are transparent to the application layer, meaning that users do not experience any disruption in communication or any loss of data, because a switch between the main path and the redundant path happens very quickly and without awareness of the user. Now it is possible to enable and configure HSR and PRP interfaces using the NetworkManager service through the nmcli utility and the DBus message system.
UDP encapsulation in packet offload mode is now available as a Technology Preview
With IPsec packet offload, the kernel can offload the entire IPsec encapsulation process to a NIC to reduce the workload. With this update, the packet offload has been improved by supporting User Datagram Protocol (UDP) encapsulation of ipsec tunnels when in packet offload mode.
Jira:RHEL-30141[1]
The Soft-iWARP driver is available as a Technology Preview
Soft-iWARP (siw) is a software, Internet Wide-area RDMA Protocol (iWARP), kernel driver for Linux. Soft-iWARP implements the iWARP protocol suite over the TCP/IP network stack. This protocol suite is fully implemented in software and does not require a specific Remote Direct Memory Access (RDMA) hardware. Soft-iWARP enables a system with a standard Ethernet adapter to connect to an iWARP adapter or to another system with already installed Soft-iWARP.
Jira:RHELPLAN-102815[1]
rvu_af, rvu_nicpf, and rvu_nicvf available as Technology Preview
The following kernel modules are available as Technology Preview for Marvell OCTEON TX2 Infrastructure Processor family:
- rvu_af - Marvell OcteonTX2 RVU Admin Function driver
- rvu_nicpf - Marvell OcteonTX2 NIC Physical Function driver
- rvu_nicvf - Marvell OcteonTX2 NIC Virtual Function driver
Jira:RHELPLAN-108169[1]
Segment Routing over IPv6 (SRv6) is available as a Technology Preview
The RHEL kernel provides Segment Routing over IPv6 (SRv6) as a Technology Preview. You can use this functionality to optimize traffic flows in edge computing or to improve network programmability in data centers. However, the most significant use case is the end-to-end (E2E) network slicing in 5G deployment scenarios. In that area, the SRv6 protocol provides you with the programmable custom network slices and resource reservations to address network requirements for specific applications or services. At the same time, the solution can be deployed on a single-purpose appliance, and it satisfies the need for a smaller computational footprint.
Jira:RHELPLAN-154595[1]
kTLS was updated to version 6.12
The kernel Transport Layer Security (KTLS) functionality is a Technology Preview. In RHEL 9.6, we updated kTLS to the 6.12 upstream version.
Jira:RHELPLAN-153754[1]
6.7. Kernel
python-drgn available as a Technology Preview
The python-drgn package brings an advanced debugging utility, which adds emphasis on programmability. You can use its Python command-line interface to debug both the live kernels and the kernel dumps. Additionally, python-drgn offers scripting capabilities for you to automate debugging tasks and conduct intricate analysis of the Linux kernel.
Jira:RHEL-6973[1]
The IAA crypto driver is now available as a Technology Preview
The Intel® In-Memory Analytics Accelerator (Intel® IAA) is a hardware accelerator that provides very high throughput compression and decompression combined with primitive analytic functions.
The iaa_crypto driver, which offloads compression and decompression operations from the CPU, has been introduced in RHEL 9.4 as a Technology Preview. It supports compression and decompression compatible with the DEFLATE compression standard described in RFC 1951. The iaa_crypto driver is designed to work as a layer underneath higher-level compression devices such as zswap.
For details about the IAA crypto driver, see:
Jira:RHEL-20145[1]
The Neural Processing Unit (NPU) kernel for the RHEL Kernel is available as a Technology Preview on Intel Arrow Lake-based systems
In RHEL 9.6, the kernel introduces the Neural Processing Unit (NPU) as a Technology Preview. NPUs are special chips used for artificial intelligence (AI) and machine learning (ML) tasks on the systems. The kernel in RHEL 9.6 includes the initial driver for Intel NPUs and support infrastructure required to use the NPUs for AI/ML tasks.
Jira:RHEL-38583[1]
The Red Hat Enterprise Linux for Real Time on ARM64 is now available as a Technology Preview
With this Technology Preview, the Red Hat Enterprise Linux for Real Time is now enabled for ARM64. The ARM64 is enabled on ARM (AARCH64), for both 4k and 64k ARM kernels.
Jira:RHELDOCS-19635[1]
6.8. File systems and storage
NVMe-oF Discovery Service features available as a Technology Preview
The NVMe-oF Discovery Service features, defined in the NVMexpress.org Technical Proposals (TP) 8013 and 8014, are available as a Technology Preview. To preview these features, use the nvme-cli 2.0 package and attach the host to an NVMe-oF target device that implements TP-8013 or TP-8014. For more information about TP-8013 and TP-8014, see the NVM Express 2.0 Ratified TPs from the https://nvmexpress.org/specifications/ website.
Jira:RHELPLAN-102321[1]
nvme-stas package available as a Technology Preview
The nvme-stas package, which is a Central Discovery Controller (CDC) client for Linux, is now available as a Technology Preview. It handles Asynchronous Event Notifications (AEN), Automated NVMe subsystem connection controls, Error handling and reporting, and Automatic (zeroconf) and Manual configuration.
This package consists of two daemons, Storage Appliance Finder (stafd) and Storage Appliance Connector (stacd).
Jira:RHELPLAN-58357[1]
NVMe/TCP using TLS is available as a Technology Preview
Encrypting Non-volatile Memory Express (NVMe) over TCP (NVMe/TCP) network traffic using TLS configured with Pre-Shared Keys (PSK) has been added as a Technology Preview in RHEL 9.6. For instructions, see Configuring an NVMe/TCP host using TLS with Pre-Shared-Keys.
Jira:RHEL-9301[1]
6.9. Dynamic programming languages, web and database servers
A new nodejs:22 module stream available as a Technology Preview
A new module stream, nodejs:22, is now available as a Technology Preview. A future update will provide a Long Term Support (LTS) version of Node.js 22, which will be fully supported.
Node.js 22 included in RHEL 9.5 provides numerous new features, bug fixes, security fixes, and performance improvements over Node.js 20 available since RHEL 9.3.
Notable changes include:
- The V8 JavaScript engine has been upgraded to version 12.4.
- The V8 Maglev compiler is now enabled by default on architectures where it is available (AMD and Intel 64-bit architectures and the 64-bit ARM architecture).
- Maglev improves performance for short-lived CLI programs.
- The npm package manager has been upgraded to version 10.8.1.
- The node --watch mode is now considered stable. In watch mode, changes in watched files cause the Node.js process to restart.
- The browser-compatible implementation of WebSocket is now considered stable and enabled by default. As a result, a WebSocket client to Node.js is available without external dependencies.
- Node.js now includes an experimental feature for execution of scripts from package.json. To use this feature, execute the node --run <script-in-package.json> command.
To install the nodejs:22 module stream, enter:
# dnf module install nodejs:22
If you want to upgrade from the nodejs20 stream, see Switching to a later stream.
For information about the length of support for the nodejs Application Streams, see Red Hat Enterprise Linux Application Streams Life Cycle.
6.10. Compilers and development tools
jmc-core and owasp-java-encoder available as a Technology Preview
RHEL 9 is distributed with the jmc-core and owasp-java-encoder packages as Technology Preview features for the AMD and Intel 64-bit architectures.
jmc-core is a library providing core APIs for Java Development Kit (JDK) Mission Control, including libraries for parsing and writing JDK Flight Recording files, and libraries for Java Virtual Machine (JVM) discovery through Java Discovery Protocol (JDP).
The owasp-java-encoder package provides a collection of high-performance low-overhead contextual encoders for Java.
Note that since RHEL 9.2, jmc-core and owasp-java-encoder are available in the CodeReady Linux Builder (CRB) repository, which you must explicitly enable. See How to enable and make use of content within CodeReady Linux Builder for more information.
Jira:RHELPLAN-88788[1]
libabigail: Flexible array conversion warning-suppression available as a Technology Preview
As a Technology Preview, when comparing binaries, you can suppress warnings related to fake flexible arrays that were converted to true flexible arrays by using the following suppression specification:
[suppress_type]
type_kind = struct
has_size_change = true
has_strict_flexible_array_data_member_conversion = true
Jira:RHEL-16629[1]
eu-stacktrace available as a Technology Preview
The eu-stacktrace utility, which has been distributed through the elfutils package since version 0.192, is available as a Technology Preview feature. eu-stacktrace is a prototype utility that uses the elfutils toolkit’s unwinding libraries to support a sampling profiler to unwind frame pointer-less stack sample data.
Jira:RHELDOCS-19072[1]
6.11. Identity Management
DNS over TLS (DoT) in IdM deployments is available as a Technology Preview
Encrypted DNS using DNS over TLS (DoT) is now available as a Technology Preview in Identity Management (IdM) deployments. You can now encrypt all DNS queries and responses between DNS clients and IdM DNS servers.
To start using this functionality, install the ipa-server-encrypted-dns package for IdM servers and replicas, and the ipa-client-encrypted-dns package for IdM clients. Administrators can enable DoT during the installation using the --dns-over-tls option.
IdM configures Unbound as a local caching resolver and BIND to receive DoT requests. This functionality is available through the command-line interface (CLI) and non-interactive installations of IdM.
To configure DoT, new options were added to installation utilities for IdM servers, replicas, clients, and the integrated DNS service:
- --dot-forwarder to specify an upstream DoT-enabled DNS server.
- --dns-over-tls-key and --dns-over-tls-cert to configure DoT certificates.
- --dns-policy to set a DNS security policy to either allow fallback to unencrypted DNS or enforce strict DoT usage.
By default, IdM uses relaxed DNS policy, which allows fallback to unencrypted DNS. You can enforce encrypted-only communication using the new --dns-policy option with the enforced setting.
You can also enable DoT on an existing IdM deployment by reconfiguring the integrated DNS service using ipa-dns-install with the new DoT options.
See Securing DNS with DoT in IdM for more details.
Jira:RHEL-67913[1], Jira:RHELDOCS-20059
ACME available as a Technology Preview
The Automated Certificate Management Environment (ACME) service is now available in Identity Management (IdM) as a Technology Preview. ACME is a protocol for automated identifier validation and certificate issuance. Its goal is to improve security by reducing certificate lifetimes and avoiding manual processes from certificate lifecycle management.
In RHEL, the ACME service uses the Red Hat Certificate System (RHCS) PKI ACME responder. The RHCS ACME subsystem is automatically deployed on every certificate authority (CA) server in the IdM deployment, but it does not service requests until the administrator enables it. RHCS uses the acmeIPAServerCert profile when issuing ACME certificates. The validity period of issued certificates is 90 days. Enabling or disabling the ACME service affects the entire IdM deployment.
It is recommended to enable ACME only in an IdM deployment where all servers are running RHEL 8.4 or later. Earlier RHEL versions do not include the ACME service, which can cause problems in mixed-version deployments. For example, a CA server without ACME can cause client connections to fail, because it uses a different DNS Subject Alternative Name (SAN).
Currently, RHCS does not remove expired certificates. Because ACME certificates expire after 90 days, the expired certificates can accumulate and this can affect performance.
To enable ACME across the whole IdM deployment, use the ipa-acme-manage enable command:
# ipa-acme-manage enable
The ipa-acme-manage command was successful
To disable ACME across the whole IdM deployment, use the ipa-acme-manage disable command:
# ipa-acme-manage disable
The ipa-acme-manage command was successful
To check whether the ACME service is installed and if it is enabled or disabled, use the ipa-acme-manage status command:
# ipa-acme-manage status
ACME is enabled
The ipa-acme-manage command was successful
Jira:RHELPLAN-121754[1]
IdM-to-IdM migration is available as a Technology Preview
IdM-to-IdM migration is available in Identity Management as a Technology Preview. You can use a new ipa-migrate command to migrate all IdM-specific data, such as SUDO rules, HBAC, DNA ranges, hosts, services, and more, to another IdM server. This can be useful, for example, when moving IdM from a development or staging environment into a production one or when migrating IdM data between two production servers.
Jira:RHELDOCS-18408[1]
6.12. Desktop
GNOME for the 64-bit ARM architecture available as a Technology Preview
The GNOME desktop environment is available for the 64-bit ARM architecture as a Technology Preview.
You can now connect to the desktop session on a 64-bit ARM server using RDP. As a result, you can manage the server using graphical applications.
A limited set of graphical applications is available on 64-bit ARM. For example:
- The Firefox web browser
- Red Hat Subscription Manager (subscription-manager-cockpit)
- Firewall Configuration (firewall-config)
- Disk Usage Analyzer (baobab)
Using Firefox, you can connect to the Cockpit service on the server.
Jira:RHELPLAN-27394[1]
GNOME for the IBM Z architecture available as a Technology Preview
The GNOME desktop environment is available for the IBM Z architecture as a Technology Preview.
You can now connect to the desktop session on an IBM Z server using RDP. As a result, you can manage the server using graphical applications.
A limited set of graphical applications is available on IBM Z. For example:
- The Firefox web browser
- Red Hat Subscription Manager (subscription-manager-cockpit)
- Firewall Configuration (firewall-config)
- Disk Usage Analyzer (baobab)
Using Firefox, you can connect to the Cockpit service on the server.
Jira:RHELPLAN-27737[1]
6.13. The web console
The RHEL web console can now manage WireGuard connections
Starting with RHEL 9.4, you can use the RHEL web console to create and manage WireGuard VPN connections. Note that both the WireGuard technology and its web console integration are unsupported Technology Previews.
Jira:RHELDOCS-17520[1]
6.14. Virtualization
Creating nested virtual machines
Nested KVM virtualization is provided as a Technology Preview for KVM virtual machines (VMs) running on Intel, AMD64, and IBM Z hosts with RHEL 9. With this feature, a RHEL 7, RHEL 8, or RHEL 9 VM that runs on a physical RHEL 9 host can act as a hypervisor, and host its own VMs.
Jira:RHELDOCS-17040[1]
AMD SEV, SEV-ES, and SEV-SNP for KVM virtual machines
As a Technology Preview, RHEL 9 provides the Secure Encrypted Virtualization (SEV) feature for AMD EPYC host machines that use the KVM hypervisor. If enabled on a virtual machine (VM), SEV encrypts the VM’s memory to protect the VM from access by the host. This increases the security of the VM.
In addition, the enhanced Encrypted State version of SEV (SEV-ES) is also provided as Technology Preview. SEV-ES encrypts all CPU register contents when a VM stops running. This prevents the host from modifying the VM’s CPU registers or reading any information from them.
RHEL 9.5 and later also provides the Secure Nested Paging (SEV-SNP) feature as Technology Preview. SNP enhances SEV and SEV-ES by improving its memory integrity protection, which helps prevent hypervisor-based attacks, such as data replay or memory re-mapping.
Note that SEV and SEV-ES work only on the 2nd generation of AMD EPYC CPUs (codenamed Rome) or later. Similarly, SEV-SNP works only on 4th generation AMD EPYC CPUs (codenamed Genoa) or later. Also note that RHEL 9 includes SEV, SEV-ES, and SEV-SNP encryption, but not the SEV, SEV-ES, and SEV-SNP security attestation and live migration.
Jira:RHELPLAN-65217[1]
CPU clusters on 64-bit ARM
As a Technology Preview, you can now create KVM virtual machines that use multiple 64-bit ARM CPU clusters in their CPU topology.
Jira:RHEL-7043[1]
New package: trustee-guest-components
As a Technology Preview, this update adds the trustee-guest-components package. This makes it possible for confidential virtual machines to attest themselves and get confidential resources from a Trustee server.
Jira:RHEL-68141[1]
6.15. RHEL in cloud environments
RHEL is available on Azure confidential VMs as a Technology Preview
With the updated RHEL kernel, you can create and run RHEL confidential virtual machines (VMs) on Microsoft Azure as a Technology Preview from RHEL 9.3. The newly added unified kernel image (UKI) now enables booting encrypted confidential VM images on Azure. The UKI is available as a kernel-uki-virt package in RHEL 9 repositories.
Currently, the RHEL UKI can only be used in a UEFI boot configuration.
Jira:RHELPLAN-139800[1]
6.16. Containers
The podman-machine command is unsupported
The podman-machine command for managing virtual machines is available only as a Technology Preview. Instead, run Podman directly from the command line.
Jira:RHELDOCS-16861[1]
A new rhel9/rhel-bootc container image is available as a Technology Preview
The rhel9/rhel-bootc container image is now available in the Red Hat Container Registry as a Technology Preview. With the RHEL bootable container images, you can build, test, and deploy an operating system exactly as a container. The RHEL bootable container images differ from the existing application Universal Base Images (UBI) thanks to the following enhancements: RHEL bootable container images contain additional components necessary to boot, such as kernel, initrd, bootloader, and firmware, among others. There are no changes to existing container images. For more information, see Red Hat Ecosystem Catalog.
Jira:RHELDOCS-17803[1]
The composefs file system is available as Technology Preview
The composefs read-only file system, available as a Technology Preview, is generally intended only to be used by the bootc/ostree and podman projects at the current time. With composefs, you can use these projects to create and use read-only images, share file data between images, and validate images at runtime. As a result, you have a fully verified file-system tree mounted, with opportunistic fine-grained sharing of identical files.
Jira:RHEL-18157[1]
Partial pulls for zstd:chunked are available as a Technology Preview
You can pull only the changed parts of the container images compressed with the zstd:chunked format, reducing network traffic and necessary storage. You can enable partial pulls by adding the enable_partial_images = "true" setting to the /etc/containers/storage.conf file. This functionality is available as a Technology Preview.
The podman artifact command is available as a Technology Preview
The podman artifact command, which you can use to work with OCI artifacts at the command-line level, is available as a Technology Preview. For further information, please reference the man page.